Vulnerabilities
Misconfiguration
Compliance
CVE Vulnerabilities

CVE-2025-2175

Published: Mar 11, 2025 | Modified: Oct 03, 2025
CVSS 3.x
6.5
MEDIUM
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu
MEDIUM
Vulnerability-free packages from our partners
root.io logo minimus.io logo echo.ai logo
Additional information
NVDhttps://nvd.nist.gov/vuln/detail/CVE-2025-2175
CWEhttps://cwe.mitre.org/data/definitions/189.html

A vulnerability was found in libzvbi up to 0.2.43. It has been rated as problematic. Affected by this issue is the function _vbi_strndup_iconv. The manipulation leads to integer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 0.2.44 is able to address this issue. It is recommended to upgrade the affected component. The code maintainer was informed beforehand about the issues. She reacted very fast and highly professional.

Affected Software

NameVendorStart VersionEnd Version
ZvbiZapping-vbi*0.2.44 (excluding)
ZvbiUbuntuesm-apps/bionic*
ZvbiUbuntuesm-apps/focal*
ZvbiUbuntuesm-apps/jammy*
ZvbiUbuntuesm-apps/noble*
ZvbiUbuntuesm-apps/xenial*
ZvbiUbuntufocal*
ZvbiUbuntujammy*
ZvbiUbuntunoble*
ZvbiUbuntuoracular*
ZvbiUbuntuupstream*

References

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.
Copyright © 2026 Aqua Security Software Ltd.   Privacy Policy | Terms of Use